* sec_auth.cc (get_server_groups): Call get_logon_server only for

non-builtin accounts.
	* uinfo.cc (pwdgrp::fetch_account_from_windows): Check incoming
	account name for validity in terms of the current name prefixing rules
	and refuse invalid names.
This commit is contained in:
Corinna Vinschen
2014-05-14 11:27:47 +00:00
parent d4ff931bf8
commit 6506454fb3
3 changed files with 95 additions and 7 deletions

View File

@ -465,7 +465,11 @@ get_server_groups (cygsidlist &grp_list, PSID usersid, struct passwd *pw)
__seterrno ();
return false;
}
if (get_logon_server (domain, server, DS_IS_FLAT_NAME))
/* If the SID does NOT start with S-1-5-21, the domain is some builtin
domain. The search for a logon server is moot. */
if (sid_id_auth (usersid) == 5 /* SECURITY_NT_AUTHORITY */
&& sid_sub_auth (usersid, 0) == SECURITY_NT_NON_UNIQUE
&& get_logon_server (domain, server, DS_IS_FLAT_NAME))
get_user_groups (server, grp_list, user, domain);
get_user_local_groups (server, domain, grp_list, user);
return true;